August 5, 2005

Internet worms could wriggle around warning systems and affect our national defense

Distributed Denial of Service (DDoS) gained notoriety as a vehicle for cyber criminals in 2001, when eBay, Microsoft and Amazon were attacked, resulting in $1 billion in damages and lost business. Since then, denial of service attacks have grown in frequency, size and sophistication, and are now estimated by the University of California to number 4,000 per week worldwide. Advancements in P2P networking, greater bandwidth availability and the convergence of wireless and webTV are only increasing the frequency of DDoS attacks. According to the FBI, denial of service has now become the most costly form of cyber crime businesses face today.

Results of a "Denial of Service" attack include web site downtime, the inability to take and process orders, damaged customer loyalty and, in the worst-case scenario, bankruptcy. According to a recent study by Aberdeen Group, an internet-based attack can cost a business an average of $2 million in revenue per incident. Barrett Lyon, CTO of Prolexic, has said that "Cyber terrorists are now utilising up to 75,000 zombie computers in one attack, which means that DDoS attacks can exceed 1 gigabyte in bandwidth. This is a problem for routers and firewalls, as they are unable to respond to a dynamic attack which may grow in size and complexity. Therefore, as attacks become more sophisticated, the limitations of traditional security measures are exposed, especially as we are seeing attacks that target multiple network layers simultaneously and more effectively mask their source."

But now we may have a more serious problem: our national defense may be threatened.

A study by U.S. scientists has revealed that computer worms may soon wriggle around the early warning systems that detect an impending attack.

John Bethencourt and colleagues at the University of Wisconsin in Madison discovered that carefully probing network addresses can reveal the location of hidden sensor networks that alert network operators to an impending attack. Armed with this information, the creator of a computer worm could create code that bypasses these traps and infects more computers as it spreads. The researchers say the same principle could enable troublemakers to bypass other forms of network defences, including blocks against intruders probing the system and barriers to prevent so-called denial of service attacks.